Mon, 8 Jan 2007
Happy new year!
Seems like new year wishes are the only news items anymore. We're still alive, but our time is going to other projects and work.
Tue, 3 Jan 2006
Happy new year to everybody!
We would also like to announce a new version of CPT featuring a multi-threaded version of the proxyscanner in Java. A multithreaded C proxy scanner will most likely also be included.
Tue, 9 Aug 2004
Yes, we're all still alive, but projects, studying and work is keeping us busy.
Mon, 30 Dec 2002
Cum Security Toolkit v1.41 (CST v1.41) has been released - found some small bug in the v1.4 , they should be fixed in this version. I've also updated the manual and the big.db vulnerable script database (now containing +2200 files). Go to the cum security toolkit page for more info on this hacking / security tool and the latest version of the scan databases.
+ click here to download CST v1.41
+ click here to view the CST v1.41 manual
Sat, 28 Dec 2002
Cum Security Toolkit v1.4 (CST v1.4) has been released:
+ click here to download CST v1.4
+ click here to view the CST v1.4 manual
Wed, 12 Jun 2002
Jep, we're quiet lately - but we're still alive... Stay tuned.
Sun, 16 Sep 2001
Cum Proxy Toolkit v1.0 (CPT v1.0) has been released:
+ click here to download CPT v1.0
+ click here to view the CPT v1.0 manual
Within a day or two the techlab page will be updated with some pictures of our lab (computers, cardreaders, emulators, phreaking tools, lockpicking tools, etc.)
Sun, 20 May 2001
Within a month we'll do a slight site rearrangement. The members section will expand with some pictures, and links to our personal pages. The projects page (this page) will get more structure instead of the current chaos, and each project (CST, CPT, BPG, etc.) will get its own page. The techlab and library will also move to a separate page, and we'll put some pictures online of the lab and of some pieces of exotic hardware and phreak tools. Finally we'll also add a message board with a section for each project. If people actually post there, and if there's a need, we'll add some more sections.
Around that time the new page for Phreak.BE should come online too, so stay tuned...
Sat, 14 Apr 2001
Cum Security Toolkit v1.3 (CST v1.3) has been released:
+ click here to download CST v1.3
+ click here to view the CST v1.3 manual
Somewhere in the next coming weeks, we'll also release the first version of our Cum Proxy Toolkit (CPT).
Sat, 10 Mar 2001
We've been really quiet the last few months - but that'll change now. As you can see we redesigned the site (if you find errors in the new site, mail us) we're also planning on releasing CST v1.3 and CPT v1.0 quite soon.
If you want to request something (security consulting, programming job, project request etc.) you can use the request form.
Mon, 1 Jan 2001
Happy new year.
Sat, 16 Dec 2000
Somewhere in the next few weeks we'll release the cum security toolkit (CST) v1.3. The new version has again alot more features than the previous one (more than 12 different anti-IDS tactics, custom http code reporting, different method scanning, scanning using multiple proxy servers, etc.) We'll also release the first version of the cum proxy toolkit (CPT) soon, containing an ultrafast and reliable proxy scanner, proxy log analysers to extract proxies, a conversion utility to build databases with unique proxies, etc.
Fri, 20 Oct 2000
The cum security toolkit (CST) v1.2 has been released, you can download it here (cst1_4.tar.gz). This version contains a script scanner, that scans using a database of scripts (user editable). The sample databases included contain +350 possibly vulnerable scripts/dirs. You can scan with or without a proxyserver. The scanner has 5 different Anti-IDS tactics (hex-values, double slashes, self-reference dirs, parameter hiding and session splicing), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a waittime between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. I'm probably forgetting some options because there are *alot* in this new version - you have to try it to see... Also included is a portscanner. It can perform TCP scans, and it outputs the open ports, and their reply. A full and comprehensive manual is included, but if you have problems, you can always mail us. If you happen to find a bug in this version of cst, please mail us a bug report. If you have a good idea for the next version (either from the hacking or the security perspective), or something you think should change mail us too.
Wed, 10 May 2000
The cum security toolkit (cst) v1.0 has been released, you can download it here (cst1_4.tar.gz). This first version contains a script scanner, that scans using a database of scripts, and using a proxy-server. The sample databases included contain +300 possibly vulnerable scripts, written with hex-codes to "hide" the scan in the target logs. It is advised to make your own "custom" db, or else your scans will be a bit noisy in the logs... The cgi scanner also sends a fake "X-Forwarded-For:" http header with each request it makes, so this should make your scan (just a little) anonymous, even with a non-anonymous proxy. Also included is a simple portscanner. Don't expect much from it, for the moment it can only perform TCP scans (full connection). But a "nice" feature is that it outputs the ports reply. You can specify seperate ports, or portranges to scan. The next version of the cum security toolkit will also contain a script-spider that spiders a target server and outputs the names of all scripts used on the site, and all script directories. If you happen to find a bug in this version of cst, please mail us a bug report. If you have a good idea for the next version, or something you think should change mail us too.
Mon, 1 May 2000
Somewere this week or next week, we'll release CST v1.0 -- cum security toolkit -- this first version will contain a cgi script scanner and a port scanner, and should be a good allround hacking and security tool. The cgi scanner uses a proxy server to scan, sends a fake "X-Forwarded-For:" header, uses hex-code filenames, checks target serversoftware, and uses databases with the scripts-to-scan, so you can easily add a script, or make your custom database. The portscanner still needs some work -- for now it can only do tcp scans, but you can specify port-ranges and seperate ports to scan, the scanner outputs the open ports and the ports reply. A new version of the proxy scanner (as announced on 10 Mar) will probably be released together with the cum security toolkit, a new feature is that you can now supply entire subnets to scan. If anyone has some useful phreaking info for the next release of the bpg, please mail it to us -- if you give us new info, you'll automatically get added to the list of ppl who'll get the new release.
Fri, 10 Mar 2000
Some source releases: an enhanced version of our proxyscanner, an RPC scanner and some other useful tools.
Sat, 1 Jan 2000 - Happy 2ooo !
The Belgian Phonephun Guide v1.0 has been released. It contains useful technical phreaking info on the various PSTN, ISDN and GSM providers in Belgium, tips and tricks, useful numbers, ... This first version was privately released - we're hoping to release a public version pretty soon.